Researchers find proof-of-concept code that can take advantage of the recently identified Apache Struts framework (CVE-2018-11776) vulnerability.
Link: https://threatpost.com/poc-code-surfaces-to-exploit-apache-struts-2-vulnerability/136921/
Tag: Hacks
T-Mobile Alerts 2.3 Million Customers of Data Breach Tied to Leaky API
T-Mobile alerts millions of its customers to a breach of its website that resulted in subscriber names, zip codes, phone numbers, email addresses and account numbers being stolen.
Link: https://threatpost.com/t-mobile-alerts-2-3-million-customers-of-data-breach-tied-to-leaky-api/136896/
Cheddar’s Restaurants Bitten By Credit-Card Breach
Restaurants in 23 states were compromised for two months.
Link: https://threatpost.com/cheddars-restaurants-bitten-by-credit-card-breach/136876/
DNC: Highly Publicized ‘Phishing Attempt’ Was Only a Security Test
DNC officials and Lookout believed a spoofed site was built to harvest authentication details for the Democratic voter database.
Link: https://threatpost.com/dnc-highly-publicized-phishing-attempt-was-only-a-security-test/136828/
DNC Becomes Latest Target in Series of Election-Season Attacks
The DNC thwarts a phishing effort aimed at its voter database, days after Microsoft’s Fancy Bear disruption and Facebook’s efforts against Iranian propaganda.
Link: https://threatpost.com/dnc-becomes-latest-target-in-series-of-election-season-attacks/136814/
Podcast: Bad Packets Report Founder on Rising Cryptojacking Attacks
Cryptojacking attacks are on the rise. We talk to security researcher Troy Mursch about why bad actors are drawn to this attack technique.
Link: https://threatpost.com/podcast-bad-packets-report-founder-on-rising-cryptojacking-attacks/136778/
Belkin IoT Smart Plug Flaw Allows Remote Code Execution in Smart Homes
An unpatched buffer overflow flaw allows remote attackers to completely take over the device and enter the home network.
Link: https://threatpost.com/belkin-iot-smart-plug-flaw-allows-remote-code-execution-in-smart-homes/136732/
Side-Channel PoC Attack Targets Encryption Software Glitch
Researchers launched a Proof-of-Concept attack on two Android mobile phones and an embedded system board.
Link: https://threatpost.com/side-channel-poc-attack-targets-encryption-software-glitch/136703/
Darkhotel Exploits Microsoft Zero-Day VBScript Flaw
The recently-patched flaw could corrupt memory in such a way that an attacker could execute arbitrary code in the context of the current user.
Link: https://threatpost.com/darkhotel-exploits-microsoft-zero-day-vbscript-flaw/136685/
Unique Malspam Campaign Uses MS Publisher to Drop a RAT on Banks
A new email campaign includes a Microsoft Office Publisher file with malicious URLs leading to the FlawedAmmyy RAT.
Link: https://threatpost.com/unique-malspam-campaign-uses-ms-publisher-to-drop-a-rat-on-banks/136656/